Filebeat 7.1.1 安装及使用(连接ES)

1. 下载 & 解压

# 下载
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.1.1-linux-x86_64.tar.gz
# 解压
tar xvf filebeat-7.1.1-linux-x86_64.tar.gz
# 软链
ln -s filebeat-7.1.1-linux-x86_64 filebeat

2. 配置 filebeat.yml

vim filebeat.yml

# 详情如下：
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /data/action_log/*.log
  scan_frequency: 10s

# 7.x的版本中需要禁用此索引生命周期，否则在指定es索引名字的时候会有问题
setup.ilm.enabled: false
# 添加模板配置，否则无法指定es的索引名
setup.template.name: "actionlog"
setup.template.pattern: "actionlog-*"

output.elasticsearch:
  #worker: 1
  #bulk_max_size: 1500
  hosts: ["10.240.0.6:9200", "10.240.0.7:9200", "10.240.0.8:9200"]
  index: "actionlog-%{+yyyy.MM.dd}"
  #pipeline: "actionlog"

# Logging
logging.level: warning
logging.to_files: true

3. 启动

./filebeat -e -c filebeat.yml

参考

1. https://www.cnblogs.com/cjsblog/p/9495024.html